From 25f8692a7935d10060eb3a8a7017f584d89fb8e7 Mon Sep 17 00:00:00 2001
From: Michael Campagnaro <mikecampo@gmail.com>
Date: Tue, 23 Jul 2013 23:02:42 -0400
Subject: [PATCH] Strip leading/trailing spaces from login

---
 app/controllers/session_controller.rb       |  2 +-
 spec/controllers/session_controller_spec.rb | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index ca1e4b24a..d0a195fec 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -9,7 +9,7 @@ class SessionController < ApplicationController
     params.require(:login)
     params.require(:password)
 
-    login = params[:login]
+    login = params[:login].strip
     login = login[1..-1] if login[0] == "@"
 
     if login =~ /@/
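Review bot: The added `params[:login].strip` assumes the parameter is a String, but `params.require(:login)` above only checks presence. A request that submits `login` as an array or nested hash would therefore raise NoMethodError on this unauthenticated endpoint instead of producing the normal failed-login response. Coercing first keeps every input on the same path: `login = params[:login].to_s.strip`. The strip also runs before the `@` prefix is dropped, so a value like `@ name` keeps its inner leading space; a second strip after `login[1..-1]` would cover that if it matters. The rest of the method lies outside this hunk, so how the lookup uses the value is not visible here.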
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 64b9832b4..8f5e0556c 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -13,7 +13,7 @@ describe SessionController do
       end
 
       it "raises an error when the login isn't present" do
-	lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
+        lambda { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
       end
 
       describe 'invalid password' do
@@ -72,6 +72,21 @@ describe SessionController do
         end
       end
 
+      context 'login has leading and trailing space' do
+        let(:username) { " #{user.username} " }
+        let(:email) { " #{user.email} " }
+
+        it "strips spaces from the username" do
+          xhr :post, :create, login: username, password: 'myawesomepassword'
+          ::JSON.parse(response.body)['error'].should_not be_present
+        end
+
+        it "strips spaces from the email" do
+          xhr :post, :create, login: email, password: 'myawesomepassword'
+          ::JSON.parse(response.body)['error'].should_not be_present
+        end
+      end
+
       describe "when the site requires approval of users" do
         before do
           SiteSetting.expects(:must_approve_users?).returns(true)
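Review bot: Both new examples assert only that the `error` key is absent, which does not show that the padded login resolved to `user`. They would still pass if the response had an unexpected shape or if a different account were matched. Each example should also assert that the success payload or session identifies `user`. A negative case for a non-string login would pin the input handling as well, e.g. `xhr :post, :create, login: [user.username], password: 'myawesomepassword'` with an expectation that the request is rejected cleanly. The enclosing `describe` starts above this hunk, so the setup of `user` and its password is assumed from context.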